This is the minimum version(s) of the patch and/or build required to address the issue. Trend Micro highly encourages customers to obtain the latest version of the product if there is a newer one available than the one listed in this bulletin.

Customers are encouraged to visit Trend Micro’s Download Center to obtain prerequisite software (such as Service Packs) before applying any of the solutions above.

Please note that several additional vulnerabilities were reported to Trend Micro; however, due to the negative impact that implementing the proposed fixes would have on the product’s critical normal functions, Trend Micro has decided that these will not be addressed in the current iteration of the product. More information can be found in the Mitigating Factors section below.

Due to the seriousness of these vulnerabilities, customers are highly encouraged to update to the latest build as soon as possible.

Mitigating Factors

Exploiting these types of vulnerabilities generally requires that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure that policies and perimeter security are up to date.

However, even though an exploit may require several specific conditions to be met, Trend Micro strongly encourages customers to update to the latest builds as soon as possible.

*Specifically for the vulnerabilities listed above that will not be immediately addressed, Trend Micro recommends the following mitigating steps to reduce any potential risk from these vulnerabilities:

CVE-2018-6224 - it was reported that this vulnerability could be chained with at least 3 other vulnerabilities listed above to lead to remote command execution. The latest TMEEG build addresses the 3 other vulnerabilities, which should negate the ability to attain remote command execution using this vulnerability.

CVE-2018-10353 - even though this was not directly addressed, the latest build resolves CVE-2018-6223, which in effect prevents an attacker from accessing the configuration file needed to set up the SQL injection attack, thus negating it.

In addition, for the following vulnerabilities: CVE-2018-6224, CVE-2018-6230, CVE-2018-10351, CVE-2018-10352, CVE-2018-10354 and CVE-2018-10355, the affected components are located in the TMEEG web console, which by design is not generally internet-facing and is usually configured so that the administrator can access it only from within the intranet. To help mitigate exposure and exploit risk, ensure that the web console is reachable on the intranet only and with limited access (e.g. by assigning an allowed-access network segment via IP range).
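One way to verify that the IP-range restriction recommended above is actually holding is to audit which sources reached the web console. The following is an added example, not Trend Micro code; the admin segment, the intranet ranges and the log layout are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import Counter

# Assumption: the only segment permitted to reach the web console.
ALLOWED_SEGMENTS = [ipaddress.ip_network("10.20.30.0/28")]
# Assumption: the organisation's intranet uses the RFC 1918 ranges.
# Listed explicitly because ipaddress's is_private also matches the
# documentation ranges (e.g. 203.0.113.0/24) used as samples below.
INTRANET = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records: "<timestamp> <client-ip> <method> <path>".
# Illustrative layout only, not the product's real log format.
SAMPLE_LOG = """\
2018-06-01T09:12:44Z 10.20.30.5 GET /console/login
2018-06-01T09:13:02Z 10.20.30.5 POST /console/login
2018-06-01T11:40:19Z 10.44.7.91 GET /console/login
2018-06-02T03:05:57Z 203.0.113.77 GET /console/login
2018-06-02T03:06:01Z not-an-ip GET /console/login
"""

def classify(client):
    """Return allowed, intranet-outside-segment, external or unparsed."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return "unparsed"  # keep malformed entries visible for review
    if any(addr in net for net in ALLOWED_SEGMENTS):
        return "allowed"
    if any(addr in net for net in INTRANET):
        return "intranet-outside-segment"  # allow-list not enforced
    return "external"  # console reachable from beyond the intranet

def audit(log_text):
    """Count requests per (client, verdict) for every non-allowed source."""
    findings = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        verdict = classify(fields[1])
        if verdict != "allowed":
            findings[(fields[1], verdict)] += 1
    return findings

if __name__ == "__main__":
    for (client, verdict), hits in sorted(audit(SAMPLE_LOG).items()):
        print(f"{verdict:26} {client:15} requests={hits}")
```

Any `external` finding means the console is reachable from outside the intranet; `intranet-outside-segment` means the IP-range restriction is missing or too broad.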
